PT-2024-31691 · Unknown · Symphony Xts Web Trading

Mohit Gadiya · Published 2024-09-03 · Updated 2024-09-07 · CVE-2024-45588

CVSS v4.0: 9.1 Critical
Vector: AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions: Symphony XTS Web Trading version 2.0.0.1 P160

Description: This issue exists due to improper access controls on APIs in the Preference module of the application. An authenticated remote attacker could exploit this by manipulating parameters through an HTTP request, leading to unauthorized access and modification of sensitive information belonging to other users.

Recommendations: For version 2.0.0.1 P160, consider restricting access to the Preference module until a patch is available. As a temporary workaround, avoid using the vulnerable API endpoints in the Preference module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
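The weakness described above (CWE-863, Incorrect Authorization, here in the form of a per-user record being selected by a client-supplied parameter) is illustrated below with an added example. This is not Symphony's code and says nothing about the real XTS API; the endpoint shape, field names (`userId`, `changes`), user names and log format are all constructed for the illustration. It shows the vulnerable pattern next to a hardened handler that derives the target record from the session identity, and a small log check a defender can run to spot requests that name a different user than the session they come from.

```python
"""
Added example (not Symphony's code): an Incorrect Authorization (CWE-863)
pattern on a hypothetical "preference" API, in a vulnerable and a hardened
form, plus a log check that flags the mismatch the hardened form rejects.
Every name, field and log line here is constructed for the example.
"""
from dataclasses import dataclass, field
from typing import Any, Dict, List


def make_store() -> Dict[str, Dict[str, Any]]:
    """Fresh in-memory preference store keyed by user id (constructed data;
    a stand-in for the application's real storage, not its schema)."""
    return {
        "alice": {"theme": "dark", "default_exchange": "NSE", "alert_email": "alice@example.invalid"},
        "bob": {"theme": "light", "default_exchange": "BSE", "alert_email": "bob@example.invalid"},
    }


class Forbidden(Exception):
    """Raised when the caller is not authorized to touch the target record."""


@dataclass
class Request:
    """Minimal model of an authenticated HTTP request to the preference API."""
    session_user: str                                   # identity established by the session/token
    body: Dict[str, Any] = field(default_factory=dict)  # parsed JSON body (hypothetical shape)


def vulnerable_update_preference(store: Dict[str, Dict[str, Any]], req: Request) -> Dict[str, Any]:
    """Weak form: the record to modify is chosen from a client-controlled
    field, so any authenticated user can point it at another user's data."""
    target = req.body["userId"]                 # trusted straight from the request body
    store[target].update(req.body["changes"])
    return dict(store[target])


def hardened_update_preference(store: Dict[str, Dict[str, Any]], req: Request) -> Dict[str, Any]:
    """Hardened form: the target is always the session identity. A userId in
    the body never selects the record; if it disagrees with the session the
    request is rejected rather than silently redirected, so the attempt is
    visible to the caller and in the application's logs."""
    target = req.session_user
    claimed = req.body.get("userId")
    if claimed is not None and claimed != target:
        raise Forbidden(f"user {target} may not modify preferences of {claimed}")
    # Allow-list the fields a user may change; refuse anything unexpected.
    allowed = {"theme", "default_exchange", "alert_email"}
    changes = req.body.get("changes", {})
    unknown = set(changes) - allowed
    if unknown:
        raise ValueError(f"unsupported preference fields: {sorted(unknown)}")
    store[target].update(changes)
    return dict(store[target])


def find_cross_user_attempts(log_lines: List[str]) -> List[str]:
    """Detection helper: for access-log style lines of the constructed form
    'session=<u> userId=<v> path=<p>', return the session users whose request
    to a preference path named a userId other than their own."""
    hits: List[str] = []
    for line in log_lines:
        fields = dict(kv.split("=", 1) for kv in line.split())
        on_preference_api = fields.get("path", "").startswith("/preference")
        if on_preference_api and fields.get("userId") not in (None, fields.get("session")):
            hits.append(fields["session"])
    return hits


# Constructed log lines: one legitimate call, one cross-user attempt, one unrelated request.
SAMPLE_LOG = [
    "session=alice userId=alice path=/preference/update",
    "session=bob userId=alice path=/preference/update",
    "session=bob path=/market/quotes",
]

if __name__ == "__main__":
    store = make_store()
    # The weak handler lets "bob" rewrite "alice"'s record.
    vulnerable_update_preference(store, Request("bob", {"userId": "alice", "changes": {"theme": "light"}}))
    print("vulnerable handler, alice's record:", store["alice"])
    # The hardened handler refuses the same request.
    try:
        hardened_update_preference(make_store(), Request("bob", {"userId": "alice", "changes": {"theme": "light"}}))
    except Forbidden as exc:
        print("hardened handler:", exc)
    print("cross-user attempts in sample log:", find_cross_user_attempts(SAMPLE_LOG))
```

The mitigation the advisory points at (deny access to the module until a fix exists) sits in front of this code; the hardened handler is the shape the fix itself needs to take, and the log check gives incident responders a way to look back for the same mismatch in their own request logs.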

Fix: no fixed version is known at the time of this writing (see Recommendations above).

Weakness Enumeration: Incorrect Authorization

Related Identifiers: CVE-2024-45588

Affected Products: Symphony Xts Web Trading